Especially when issues like these: https://github.com/shadowproject/shadow/issues/25 pop up.
"There is no way to contact you on the bug bounty program"
Still, I've been around the space for a long time and I don't remember hearing too much about the Umbra project before today. That's usually a bad sign, especially given that they don't have a whitepaper.
There are a few major problems that slaughter projects like this:
1. They don't respect scalability constraints.
2. They don't actually understand what it takes to achieve privacy.
3. They don't realize that they've set up a centralized system.
4. They don't understand a lot of things about decentralization. This stuff is hard.
The only whitepaper I could find for the whole system was for ShadowChat, which says they use AES-256-CBC to encrypt the chat. AES is a symmetric encryption algorithm, and a strange choice for a chat protocol. Furthermore, CBC is not great at hiding patterns, and chat will often have a lot of patterns. Not necessarily going to cause problems, but it's another decision that I think is pretty weak, especially when there are better standards already out there.
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...
http://crypto.stackexchange.com/questions/25089/plaintext-bl...
As for anonymous cryptocurrency, there have been a lot of attempts at creating anonymous cryptocurrency and they are generally garbage. Either the mixing leaks information, or there is a reliance on central services, or other major problems.
Shadowcash claims to be a Proof-of-Stake cryptocurrency, which is a consensus system that has been pretty highly discredited among the more well respected researchers. The threat model is definitely different, and in general is a lot weaker both in terms of attack-resistance and in terms of decentralization that traditional Proof-of-Work. Even Ethereum has yet to come up with a Proof-of-Stake algorithm that they feel comfortable committing to, and they were so certain they'd get there that they added a feature which will break the currency unless they hardfork to PoS (at least that was the idea - given that PoS is not ready, they will probably just hardfork to a not-intentionally-broken PoW).
https://download.wpsoftware.net/bitcoin/pos.pdf https://download.wpsoftware.net/bitcoin/old-pos.pdf
A few worth taking seriously are Monero, Zcash (though Zcash depends on new/fancy/less-trusted crypto - zkSnarks), and JoinMarket. Everything else that's got academic strength behind it is too early to have a user-ready implementation.
That's just my two cents. Maybe in a few weeks there will be a whitepaper that covers the full strategies of Umbra and it ends up being pretty good. But I don't think so, given that the few decisions that I could find already suggest that this is a platform built by amateurs.
Okay.
> AES is a symmetric encryption algorithm, and a strange choice for a chat protocol.
No, it's the standard choice.
Signal uses AES-256-CBC + HMAC-SHA-256, for example.
> Furthermore, CBC is not great at hiding patterns, and chat will often have a lot of patterns.
That's not true. CBC mode isn't great at hiding patterns with IV reuse. Solution: Don't reuse IVs.
The problem with CBC mode is that it's unauthenticated, and as a result is often susceptible to padding oracle attacks that allow messages to be decrypted byte-at-a-time.
https://paragonie.com/blog/2015/05/using-encryption-and-auth...
A better mode would be GCM, or maybe GCM-SIV, or scrap AES entirely in favor of ChaCha20-Poly1305.
Indeed HTTPS was not enabled on the page, it was still a work in progress. It is now enabled.
We're working on an installer that will mitigate MITM issues by having releases to be signed by multiple people.
1. We do respect scalability constrains, but we decided to monitor the network and scale when needed. The idea that we have to focus our limited development time and funds on issues that are not yet a problem is a bit goofy. The idea for scaling is to include a tree like structure: 1 / \ 2 3 You split the data into numbers, based on the capacity of your node. E.G. Alice has an address of stream 2. If Bob wants to send a message to Alice he encodes the stream number as metadata into the message and connects to a node of either 1 or 2. Nodes with the same number relay messages to eachother. When Bob can't find a node with number 2 he can just share it with a node of number 1. It will finds its way down (like a stream) to 2.
Project is far from perfect, as you said, but it's worth a try. With awareness we hope that more reviews come to make this project more solid.
The whitepapers are in the number of two (chat and anon sending) : https://shadowproject.io/en/documentation
A good doc explain most of the functions in ShadowProject : https://doc.shadowproject.io/
Fully anonymous blockchain tech probably scares them.
This is probably the single most significant concept for legal privacy rights in the US.
https://github.com/shadowproject/whitepapers/releases/downlo...
... that's really scary (ECDH + ECDSA + CBC mode, using OpenSSL's primitives, in an ad-hoc configuration, with plaintext compression), and also inferior to modern secure messaging schemes. People should use Signal Protocol for this stuff.
Slightly later:
The only source code I can find for this is a giant collection of C++. There's CSS referring to "ShadowChat", and a file "smessage.cpp" which roughly corresponds to the protocol sketched in that PDF. It's C++, lots of it, with a lot of memcpy.
If you want users to take your comments seriously then you should be a bit more specific about what's scare. CBC and ECDH are the basis of most modern end-to-end encrypted messaging schemes.
I agree with the key exchange, it doesn't have a proper ratchet, it's on our to-do list.
OK, it's an altcoin scam.
Sounds like they don't even have any interesting cryptographic primitives for privacy, but they just have a mixer built into the app or something. Why would I use this over using Bitcoin with a mixer? Plus, if/when Bitcoin starts integrating ZKP/privacy cryptography like Ring signatures, it's going to be a very hard sell to use any of the miscellaneous altcoins that have some privacy-related cryptographic advancement as their only feature.
Ever heard of IND-CCA3?
